Press Releases

For press inquiries, please contact:

Cryptography Research to Lead Workshop on Securing Devices Using Elliptic Curve Cryptography (ECC) Against Power Analysis Attacks

SAN FRANCISCO, California — February 5, 2008 — Cryptography Research, Inc. (CRI) today announced that it will hold a three day workshop on how to evaluate the security of Elliptic Curve Cryptography (ECC) platforms against power analysis. ECC is used to protect secret information exchanged in smart cards, electronic passports, mobile communication systems and other devices. Simple Power Analysis (SPA) and Differential Power Analysis (DPA) are techniques that can expose these devices to tampering and fraud by revealing keys and other secret information stored on a chip. The workshop takes place on March 10-12 at CRI’s San Francisco office.

”Many companies are implementing Elliptic Curve Cryptography in their products for efficiency reasons and because of ECC’s position in the NSA Suite B standards,” said Ken Warren, smart card business manager at CRI. “This workshop will help participants understand and evaluate the security of ECC implementations in products against power analysis vulnerabilities.”

In the workshop, demonstrations will show how the Cryptography Research DPA WorkstationTM can be used to analyze ECC implementations. Attendees will also conduct hands-on tutorials using the DPA Workstation software to analyze smart cards performing common ECC algorithms.

DPA was discovered at CRI by Paul Kocher, Joshua Jaffe and Benjamin Jun, who demonstrated that power consumption measurements of smart cards and other devices could be analyzed to find secret keys. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, manufacture forged consumables, pirate digital content or mount other attacks. Countermeasures to SPA and DPA are necessary to secure tamper-resistant devices, and are required for United States government products under the draft FIPS 140-3 standard.

The primary audience for the workshop includes developers and architects of secure embedded systems, as well as evaluators and individuals designing testing requirements for tamper-resistant products. Technical staff interested in designing and testing tamper-resistant systems for consumer products, financial systems, anti-piracy/conditional access systems or government/defense applications are also encouraged to attend.